PT-2007-5800 · Doomsday · Doomsday

Published: 2007-08-31 · Updated: 2018-10-15 · CVE-2007-4642

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Doomsday versions 1.9.0-beta5.1 and earlier
Description: Multiple buffer overflows allow remote attackers to execute arbitrary code or cause a denial of service. They are triggered by a long chat message that is not properly handled by the D_NetPlayerEvent function in d_net.c or the Msg_Write function in net_msg.c, or by many commands that are not properly handled by the NetSv_ReadCommands function in d_netsv.c. Additionally, a denial of service can be caused by a chat message without a final '\0' character.
Recommendations: For Doomsday versions 1.9.0-beta5.1 and earlier, consider disabling the chat functionality or restricting the length of chat messages to prevent exploitation until a patch is available. As a temporary workaround, avoid using the D_NetPlayerEvent function, the Msg_Write function, or the NetSv_ReadCommands function in d_netsv.c to handle chat messages or commands. Restrict access to PKT_CHAT message handling to minimize the risk of exploitation.
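The two conditions named in the description (an over-long chat message and a message with no final '\0') can both be rejected before any copy takes place. The following is an added example, not Doomsday's code or its fix; the function name `chat_copy_checked`, the `CHAT_MAX` size and the assumed payload layout (raw message bytes plus their received length) are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define CHAT_MAX 256            /* assumed size of the destination buffer */

enum chat_status { CHAT_OK, CHAT_EMPTY, CHAT_UNTERMINATED, CHAT_TOO_LONG };

static char demo_buf[CHAT_MAX]; /* destination used by the demo below */

/* Validate a received chat payload, then copy it into dst.
 * payload/len describe only the bytes actually received from the peer. */
enum chat_status chat_copy_checked(const unsigned char *payload, size_t len,
                                   char *dst, size_t dst_size)
{
    const unsigned char *nul;
    size_t text_len;

    if (payload == NULL || dst == NULL || dst_size == 0 || len == 0)
        return CHAT_EMPTY;

    /* Look for the terminator inside the received bytes only, so a
     * message without a final '\0' is never read past its end. */
    nul = memchr(payload, '\0', len);
    if (nul == NULL)
        return CHAT_UNTERMINATED;

    /* The text plus its terminator must fit in the destination. */
    text_len = (size_t)(nul - payload);
    if (text_len >= dst_size)
        return CHAT_TOO_LONG;

    memcpy(dst, payload, text_len + 1);
    return CHAT_OK;
}

int main(void)
{
    /* Constructed sample payloads, not captured traffic. */
    const unsigned char ok[] = "hello";   /* 6 bytes including '\0' */
    printf("terminated:   %d\n", chat_copy_checked(ok, 6, demo_buf, sizeof demo_buf));
    printf("unterminated: %d\n", chat_copy_checked(ok, 5, demo_buf, sizeof demo_buf));
    printf("too long:     %d\n", chat_copy_checked(ok, 6, demo_buf, 4));
    return 0;
}
```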

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2007-4642

Affected Products

Doomsday